October 15, 2012
Shuster Court Room, Silverman 147
Cyberweapons and cyberwarfare have become the most dangerous innovation of this century1 and are now considered by the FBI to be the number one threat to national security.2 Cyberweapons imperil economic, political, and military systems by a single, often minimal act, or by multifaceted orders of effect, creating a dreadful new potentiality in every dimension. Cyberattacks put immense pressure on conventional notions of sovereignty and the moral and legal doctrines that were developed to regulate them. Unlike past forms of warfare circumscribed by centuries of just war tradition and law of armed conflict prescriptions, cyberwarfare occupies a particularly ambiguous status in the traditions and conventions of the laws of war. Does prevention of a cyberattack, which knows no borders, involve violations of the sovereignty of independent nations? While the United States has shown a willingness to consider cyberattacks to be acts of war,3 on what grounds would this be justified? How should states handle cases when the threats stem from non-state actors acting independently of any state or organization?4 Does the prevention and defense against cyberattacks require invasion of privacy and an incursion into the domain traditionally reserved for law enforcement? As such, does it pose a threat to due process rights, or the moral equivalent of such rights in the international arena? These legal ambiguities, devoid of moral perspective, make adherence to the rule of law in cyberwafare more challenging than in any other domain of warfare.5
In the United States, cyberwarfare technology was originally developed by the Bush Administration and the Obama Administration has further expanded its use. While Secretary of State Clinton has claimed that such tactics are used against al Qaeda6, the use of advanced techniques in cyberwarfare is most evident in recent operations against Iran. The United States purportedly developed a data-mining virus called Flame, a reconnaissance virus named Duqu and a computer worm dubbed Stuxnet that interrupted Iran’s nuclear program by attacking industrial control systems and causing Iranian centrifuges to spin out of control. In doing so, the United States has for the first time used computer programs for purposes that until recently could only be achieved through bombs and other conventional weapons. These actions will not be the last cyberattacks by the United States as the Pentagon’s Defense Advanced Research Projects Agency (DARPA) has recently funded Plan X, which has the goal of not only protecting computer systems but developing the capabilities to disrupt or destroy enemy systems.
The United States and its allies are not the only world powers that have been developing a cyberwar capacity. In 2007, security firm McAfee estimated that 120 countries had already developed ways to use the Internet to target financial markets, government computer systems, and utilities. In 2008, the Russian government allegedly integrated cyber operations into its conflict with Georgia. According to these accusations, Russian cyber intelligence units conducted reconnaissance and infiltrated Georgian military and government networks. When the conventional fighting broke out, Russia used cyberweapons to attack Georgian government and military sites as well as communication installations. Foreign militaries, such as China’s, have conducted exercises in offensive cyber operations, both stealing information from other governments and simulating attacks on other countries command and control systems. In 2011, Iran boasted of having the world’s second-largest cyber army. With states around the globe improving their cyberwarfare capabilities, the world may experience a cyberarms race reminiscent of the Cold War’s nuclear arms race.
This conference will assist in proactively addressing the ethical and moral issues that surround cyberwarfare by considering, first, whether the Laws of Armed Conflict apply to cyberspace just as they do to traditional warfare, and second, the ethical posture of cyberwarfare against the background of our generally recognized moral traditions in international and domestic humanitarian practice. If cyberwar must be held to the standards of the laws and traditions of war, then multiple questions arise. Not only is it difficult to determine when a cyberattack amounts to an act of war, but other sources of ambiguity arise even if we are certain that a cyberattack does fall within the ambit of military action? Thus, for example, proportionality is a crucial question in military ethics, as well as in domestic criminal law. It requires that no more force be used than is necessary to repel an attack or meet other legitimate military objectives. But how does one determine a proportional response to a cyberattack?
In a similar vein, the U.N. Charter promises that members will not use the “threat or use of force against the territorial integrity or political independence of any state” (Article 2, Section 4). This provision, however, is likely inadequate with increasing use of cyberattacks. It leads to questions of whether problems of cyberwarfare require new treaties and legal definitions. For example, does the cyberweapons race require treaties similar to the Treaty on the Non-Proliferation of Nuclear Weapons? As the country that controls the internet infrastructure and had the highest percentage of internet business as a share of its economy, the United States is in a uniquely difficult negotiating position in developing any treaties. Furthermore, cyberattacks put immense pressure on conventional notions of sovereignty and the moral and legal doctrines that were developed to regulate them. In a world of attack and destruction without conventional military assets, do traditional notions of sovereignty based on geography and territorial integrity retain their relevance? To address such questions and more, this conference seeks to bring together leading authorities in the law, technology, and ethical philosophy. By better understanding these ethical issues now, we can be better prepared as cybersecurity becomes a more integral aspect of national security.